TCP/IP Protocols Overview  |  IP  |  ARP  |  ICMP  |  

Internet Control Message Protocol

ICMP is used by a device, often a router, to report and acquire a wide range of communications-related information. Consider these reasons why a device would have to report or acquire information:

  • A router can not find a host computer on a destination network or when a frame has circulated in a routing loop until its Time To Live counter has been decremented to zero then the router discards the message.
  • A user sends a message to connect to a non-existent program in a host computer (Telnet to a file-server that doesn't support Telnet, for example) then the host discards the message.
  • A host tries to contact a remote destination but it happens to use the wrong router to get to that remote destination; the router that was contacted must inform the host of the correct path.
In each of these cases, the ICMP protocol has a specific message type that is used to report the error condition back to the originator. ICMP is completely defined in RFC 792 but here is a brief overview of the message types. Those that are discussed in separate topics in this section are linked:
  • Echo and Echo Reply: Used to implement the PING command. When an ICMP Echo is received it is responded to with an Echo Reply message.
  • Destination Unreachable: There are several reasons why an IP destination may be unreachable and the ICMP message reports the reason. This often indicates a configuration or other communications problem. When the destination is unreachable as a result of the setting of the IP Type Of Service byte, the expected behavior is discussed in RFC 1349.
  • Source Quench: When a router is being overloaded by a high-powered host, the router can send a Source Quench message and cause the host to stop transmissions for a short period of time during which the router can catch up. You'll very rarely see this one on a network.
  • Redirect: A router can tell a host to use a different target address when sending frames to some remote location. This is a normal action to see one time at the beginning of a new conversation.
  • Time Exceeded: A router has received a frame that has had its Time To Live field decremented to one. The router now decrements the field to zero and discards the frame. The Time Exceeded message is used to inform the originator of the frame that the discard action took place.
  • Parameter Problem: There was an error (probably a communications software bug!) in the construction of an IP datagram. If you ever see this on your network - call your vendor (or.. call WildPackets for consulting help!)
  • Timestamp: ICMP can be used by a diagnostic program to time the round-trip delay in a conversation path. You'll very rarely see this one on a network.
  • Address Mask Request and Reply: ICMP can be used by a program to read the Address Mask (the subnet mask) value from another machine. You'll very rarely see this one on a network.

Additional Topics in this Section:

  • RFC 792: This RFC discusses the ICMP protocol including the messages and queries that ICMP can use, the frame header structure for each, and the anticipated behavior.
  • RFC 1349: This RFC discusses how ICMP will behave in response to various IP TYPE OF SERVICE configurations.

WildPackets is now Savvius

For the latest information on our products and services please go to our new site at www.savvius.com.

We are in the process of migrating some of our legacy content to our new site, so Wildpackets.com is still available. If the content you are looking for has already been migrated we will automatically redirect you.